We have filed a class action lawsuit against Premera.

Have you had Premera Blue Cross health insurance or otherwise been a Premera customer since 2002?

If so, your personal information may have been hacked and you may have been exposed to the risk of identity theft.

Pfau Cochran Vertetis Amala PLLC is using the class action lawsuit to seek all available remedies to help protect victims in the future. Premera’s offer of 2 years of credit monitoring is a start, but it doesn’t go nearly far enough. One of the things we’ll be seeking in the lawsuit is lifetime credit monitoring for all victims of this data breach.

11 Million Premera Members Potentially Exposed by Data Breach

Premera Blue Cross is a health insurance company headquartered in Mountlake Terrace, WA.

Premera insures millions of customers across the Pacific Northwest through individual and group (for example, employer provided) health insurance plans.

On March 17, 2015, Premera announced that its systems were hacked in a “sophisticated cyberattack,” potentially exposing the information of up to 11 million Premera customers. The potentially exposed information includes customers’ full names; Social Security numbers; bank account information; dates of birth; addresses; email addresses; telephone numbers; and claims information, including clinical information.

The attack happened May 5, 2014, but Premera did not have the security systems in place to discover the breach until January 29, 2015. This likely means that the hackers had access to the above information for more than 8 months.

Federal Auditors Inspected Premera Blue Cross in January 2014, and we have the Report

PCVA has obtained a copy of the Office of Personnel Management’s report of the audit of Premera’s systems. It lists 10 “opportunities for improvement” in Premera’s access controls. Of note to us were the following:

Failure to implement software patches in a timely manner

Failure to promptly install important updates increases the risk that vulnerabilities will not be remediated and sensitive data could be breached.

Noncurrent software

The results of the vulnerability scans indicated that several servers contained noncurrent software applications that were no longer supported by the vendors and have known security vulnerabilities.

…Failure to promptly remove outdated software increases the risk of a successful malicious attack on the information system.

Insecure Operating System Configuration

The results of the vulnerability scans also indicated that several servers contained insecure configurations that could allow hackers or unprivileged users to insert code that would result in privilege escalation. The escalated privileges could grant the hackers unauthorized access to sensitive and proprietary information.

Anyone who provided information to Premera since 2002 at risk

Premera has stated that the information in its systems dated back to 2002.

This data consisted of information provided by:

Premera applicants

Premera subscribers

Premera Blue Cross Blue Shield of Alaska applicants and subscribers

Vivacity applicants, customers, and members

Connexion applicants, customers, and members

Individuals “doing business” with Premera

Members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska

If you fall into any of the above categories, your personal information is at risk. Premera has stated that it has begun sending letters to affected individuals and that those letters should be received by April 20.

Data breach poses a real risk of identity theft

The types of information potentially exposed during the Premera data breach are the virtual keys to your identity. With this information, hackers can wreak havoc in your life. Your tax return can be stolen, or subverted by a hacker with your Social Security number and address. Your bank’s customer service center may authenticate “you” by your address, date of birth, and a few digits of your social security number. Someone can file for unemployment in your name, causing a big headache for you and your boss. Of course, there’s the old standby of using your information to open new credit accounts and racking up huge balances that will affect your credit score.

Do I have a legal right to protect myself?

Violation of Numerous Laws and Regulations

Numerous federal laws and regulations require health insurers like Premera to utilize the strictest measures possible to protect the personal information of its applicants and subscribers. We believe that the data breach in and of itself is a clear violation of these laws and regulations.

Additionally, a recent Seattle Times article revealed that federal auditors warned Premera of its vulnerability to hacking three weeks before the data breach happened. Two weeks before the breach occurred, those federal auditors gave Premera a list of findings and ten specific recommendations for improving its cybersecurity. Premera, however, did not respond to these findings and recommendations until June 30, 2014, almost two months after the breach. And Premera did not even discover the breach until January 29 of this year.

Simply put, Premera knew this attack might happen and what it could do to better secure its systems. However, it failed to implement those measures promptly and allowed hackers to access its systems for up to eight months. Under these straightforward facts, we believe Premera may be liable to you for any unauthorized access or use of your personal information. That is why we have filed a class action lawsuit on your behalf.

Whether this class action goes to trial or settles, we know how take on the health care industry, and we know how to win. And, with our law firm’s cutting-edge technology, we are available to you 24/7.

If you believe your personal and medical information has been exposed or your identity stolen as a result of the Premera hack, contact us for a free, confidential consultation at 1-800-349-PCVA (7282) or by filling out the contact form below.

CONTACT US TO FIND OUT MORE OR JOIN THE LAWSUIT.

If you believe you are affected, or if you’ve gotten a letter from Premera explaining that your data was part of the breach, we’d like to fight for you.

The use of the internet or this site to communicate with PCVA or any individual member of the firm does not establish an attorney-client relationship. By using this form, you agree that you are not expecting to receive legal advice from PCVA, you are not relying on PCVA to provide you with legal advice, and that no attorney-client relationship exists until an attorney from our firm has affirmatively indicated that we will represent you. Finally, every case is governed by a statute of limitations, which means it must be filed within a certain amount of time after the event giving rise to liability, so time-sensitive information should not be sent through this form.